On Aug 27, 2:41 am, Nelson B <[EMAIL PROTECTED]> wrote:
> Peter Djalaliev wrote:
> > I don't know what you mean by full-blown TPMs. I assume that for you,
> > full-blown TPMs = Big Brother. I don't buy into this completely,
> > however.
> >
> > TPM-enabled systems are still under implementation and the specifics
> > of how they are going to function depend on how they will be
> > implemented. However, if such an implementation is built with user
> > privacy and user control over the TPM in mind, it can be a very
> > powerful solution to existing hard-to-defend-from attacks. There is
> > existing research going on in this area and the results we have look
> > promising.
>
> A system that allows some (any) remote person/system to interrogate my
> system to see what software is installed and running on it, and the
> use of such interrogation by remote systems/persons to decide how to
> respond to requests from my system, or to decide whether or not to
> send requests to my system, is Big Brother. It is also MS's wet dream,
> AFAICT.
>

There are multiple reasons why platform attestation should be under the control of the user or system administrator. Privacy is one and is indeed an extremely important point. Plain old security is another one because the attestation log (list of running executables/libraries) reveals security-sensitive information such as firewall/IDS type and version and so on. Having attestation be done without the explicit approval of a user (or more likely a system admin) is just plainly bad from a security standpoint. The ability to prevent such attacks also makes us able to prevent Big Brother.

I agree with you that being able to do something doesn't automatically make it happen. This is why the manner of implementation is so very important for TPM-enabled technologies.

I personally don't envision a point in the future when users will be stuck with having to buy a TPM with a Big Brother configuration on it. While respecting everybody else's opinion, I think that this is healthy paranoia and underestimates the power of user choice and preferences. MS is not what it was and I doubt it will become it again. Excellent products like Macs, Firefox, Thunderbird and Ubuntu Linux allow choices for many users. I believe that users are slowly catching on to this.

> I suspect that if you ask ANY user in the world if it would be OK for
> their system to tell any remote system that asks what software it has
> installed (including version information), you'd uniformly get reactions
> that could be described as "looks of horror".
>

Then the answer should be plainly "no". Allowing such an attestation to happen is the same kind of mistake as blindly accepting self-signed certificates in phishing e-mails. However, it would be an interesting usability study to see if people would actually say "no" to such an attestation request or if they would just click it away.

However, if a server host runs an airline database and needs to provide platform attestation to a mobile agent who is making airline reservations (just an example, maybe not applicable yet), I see no reason why this shouldn't happen. Here I make the distinction again between mass users and specialized applications, which require that additional bit of security. Mass users maybe don't. Specialized applications clearly do.

Regards,
Peter Djalaliev

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto